Nemo: Asset loss attack was caused by launching new features without sufficient auditing

Jinse Finance reported that the DeFi protocol Nemo on Sui has released an incident report stating that due to security vulnerabilities in the flash_loan and get_sy_amount_in_for_exact_py_out functions within the contract, attackers exploited these flaws, resulting in an asset loss of approximately $2.59 million. The attack stemmed from developers launching new features without thorough auditing and failing to promptly fix known risks. The majority of the funds were transferred to Ethereum via a cross-chain bridge. The protocol's core functions have now been frozen, a vulnerability patch has been submitted for emergency audit, and the team is formulating user compensation and asset tracking plans.